ObliVM: A Programming Framework for Secure Computation

ObliVM is a programming framework for secure computation that lets non-specialist programmers compute securely over sensitive data. It provides oblivious programming abstractions and compiles programs into oblivious counterparts, aiming for the performance of customized designs. The language supports features such as random types, phantom functions, bounded loops, and higher-order functions.

Presentation Transcript


  1. ObliVM: A Programming Framework for Secure Computation http://www.oblivm.com Chang Liu, Xiao Shaun Wang, Kartik Nayak, Yan Huang, Elaine Shi

  2. Dating: Genetically Not leaking their sensitive data! Good match?

  3. Secure Computation: Alice and Bob compute z = f(x, y). Reveal z, but nothing more!

  4. What is ObliVM? Source Programs → ObliVM → SC Protocols

  5. How non-specialist programmers can securely compute? Cryptographers’ favorite model: XOR, AND, OR, … Programmers’ favorite model:

         def binSearch(a, x):
             # Search the half-open range [lo, hi) of the sorted list a.
             lo, hi = 0, len(a)
             res = -1
             while lo < hi:
                 mid = (lo + hi) // 2
                 midval = a[mid]
                 if midval < x:
                     lo = mid + 1
                 elif midval > x:
                     hi = mid
                 else:
                     res = mid   # found: record the index and stop
                     break
             return res

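  6. Dynamic memory accesses cannot be easily encoded in circuits

         int binSearch(alice int a[], bob int key, public int n) {
           int left = 0, right = n;
           while (n > 0) {                      // loop bound depends only on the public n
             int mid = (left + right) / 2;
             if (a[mid] < key) left = mid + 1;  // mid depends on secret comparisons: a dynamic memory access
             else right = mid;
             n = n / 2;                         // halve the public iteration budget
           }
           return left;
         }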

  7. Obliviousness: memory accesses do not depend on secret input Programs in a high level language (e.g. C) Oblivious Program Circuits Relatively easy Challenging This talk

  8. Oblivious RAM (ORAM) compiles an arbitrary program into an oblivious counterpart [GO96, SCSL11]. Generic ORAM Simulation [Liu et al. 2014]. [GO1996] Software protection and simulation on oblivious RAMs, J. ACM; [SCSL2011] Oblivious RAM with Worst-Case Cost, ASIACRYPT 2011; [Liu et al. 2014] Automating Efficient RAM-Model Secure Computation, Oakland 2014

  9. Generic ORAM Simulation [Liu et al. 2014]: general, low design cost. Customized protocols: efficient, requires expertise. Nina Taft, Distinguished Scientist: 5 researchers, 4 months to develop an (efficient) oblivious matrix factorization algorithm over secure computation [Nikolaenko et al. 2013]. [Liu et al. 2014] Automating Efficient RAM-Model Secure Computation, Oakland 2014; [Nikolaenko et al. 2013] Privacy-preserving matrix factorization, CCS 2013

  10. ObliVM: Achieve the Best of Both Worlds • http://www.oblivm.com • Programs by non-specialists achieve the performance of customized designs.

  11. Key idea: Programming Abstractions

  12. Analogy to Distributed Computation. Success story in the distributed computing community: MapReduce is a parallel programming abstraction. Compile

  13. Programming Abstractions for Oblivious Computation ObliVM approach: we provide oblivious programming abstractions. Oblivious representation using ORAM (generic) and oblivious algorithms (problem specific, but efficient) Compile

  14. Goal and Solution: language support • Goal: serving two users • Cryptographers: implement abstractions • Non-specialists: use abstractions to build applications • Solution: new language features enable abstractions • Random type, phantom functions (ORAM, ODS) • Bounded loop (loop coalescing) • Higher order functions (MapReduce) • and more • The compiler will be open sourced soon • https://github.com/oblivm/ObliVMLang

  15. Better asymptotic complexity than the state-of-the-art! ODS Sparse Graph Algorithms MapReduce Loop Coalescing Depth-First Search Dijkstra’s Shortest Distance Minimum Spanning Tree

  16. Loop Coalescing: Block 1 ×n, Block 2 ×m, Block 3 ×n. Gives oblivious Dijkstra and MST for sparse graphs

  17. Loop Coalescing: Gives oblivious Dijkstra and MST for sparse graphs

  18. Hand-crafting vs. Automated Compilation. 2013 (Nina Taft, Distinguished Scientist): Matrix Factorization [NIWJTB-CCS’13], 5 researchers, 4 months; Ridge Regression [NWIJBT-IEEE S&P ’13], 5 researchers, 3 weeks. ObliVM today, same tasks: 1 graduate student-day, 10x-20x better performance [LWNHS-IEEE S&P ’15] (this work)

  19. ObliVM vs. Prior Best Automated Solution. Dijkstra’s algorithm, 768K data. Speedup: 7x backend optimizations; 2500x language and compiler; 51x Circuit ORAM. Baseline: state-of-the-art [HFKV-CCS’12] in 2012, no ORAM. [HFKV-CCS’12] Holzer et al. Secure Two-Party Computations in ANSI C. In CCS ’12

  22. Dijkstra’s algorithm: Sources of speedup. Total speedup: ~10^6x. Speedup: 7x backend optimizations; 2500x language and compiler; 51x Circuit ORAM. Baseline: state-of-the-art [HFKV-CCS’12] in 2012, no ORAM. [HFKV-CCS’12] Holzer et al. Secure Two-Party Computations in ANSI C. In CCS ’12

  23. ObliVM: Binary Search on 1GB Database. Reference point: ~24 hours in 2012 [HFKV-CCS’12]. ObliVM today: 7.3 secs/query. Setup: 2 EC2 virtual cores, 60GB memory, 10MBps bandwidth. [HFKV-CCS’12] Holzer et al. Secure Two-Party Computations in ANSI C. In CCS ’12

  24. Overhead w.r.t. Insecure Baseline Distributed GWAS 130× slowdown 1.7×10^4× slowdown 9.3×10^6× slowdown Hamming Distance K-Means

  25. ObliVM Adoption (www.oblivm.com): privacy-preserving data mining and recommendation system; computational biology, privacy-preserving microbiome analysis; privacy-preserving Software-Defined Networking; cryptographic MIPS processor; iDash secure genome analysis competition (won an “HLI Award for Secure Multiparty Computing”)

  26. Backup

  27. Backend Speedup for More Applications [Figure: bar chart of speedup (log scale, 1 to 10^6) over [HFKV-CCS’12], with PL and Circuit ORAM contributions, for Dijkstra (768KB), MST (768KB), K-Means (2MB), Heap (8GB), Map/Set (8GB), BSearch (1GB), AMS (10GB) and CountMin (0.31GB).] [HFKV-CCS’12] Holzer et al. Secure Two-Party Computations in ANSI C. In CCS ’12
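
The obliviousness property of slides 6 and 7, as an added Python example that is not from the ObliVM slides or code base: a plain binary search reads array cells that depend on the secret key, while a version with a loop bound fixed by the public length and a linear-scan read (a simple stand-in for ORAM, not ObliVM's Circuit ORAM) reads the same cells for every key. `TracedArray`, `oblivious_read`, `trace_of` and the sample data are constructed for illustration; the code models the memory access pattern only.

```python
class TracedArray:
    """Hypothetical helper: logs every index read, i.e. what a memory observer sees."""
    def __init__(self, data):
        self._data, self.trace = list(data), []
    def __len__(self):
        return len(self._data)
    def __getitem__(self, i):
        self.trace.append(i)
        return self._data[i]

def bin_search(a, key):
    """Plain lower-bound search: which cells are read depends on the secret key."""
    lo, hi = 0, len(a)
    while lo < hi:
        mid = (lo + hi) // 2
        if a[mid] < key:
            lo = mid + 1
        else:
            hi = mid
    return lo

def oblivious_read(a, secret_idx):
    """Linear-scan read: touch every cell, select the wanted one arithmetically."""
    out = 0
    for i in range(len(a)):
        hit = int(i == secret_idx)
        out = hit * a[i] + (1 - hit) * out
    return out

def oblivious_bin_search(a, key):
    """Same result as bin_search, but the access trace is a function of len(a) only."""
    n = len(a)
    lo, hi = 0, n
    for _ in range(n.bit_length()):        # public bound: the range at least halves each round
        mid = (lo + hi) // 2
        val = oblivious_read(a, min(mid, n - 1))  # clamp covers the finished case lo == hi == n
        active = int(lo < hi)              # 0 once the answer is fixed: a dummy round
        right = active * int(val < key)
        left = active - right
        lo = right * (mid + 1) + (1 - right) * lo
        hi = left * mid + (1 - left) * hi
    return lo

def trace_of(search, data, key):
    """Run a search over a fresh TracedArray and return (result, indices read)."""
    a = TracedArray(data)
    return search(a, key), a.trace

DATA = [2, 5, 7, 11, 13, 17, 19, 23]       # constructed sample input
if __name__ == "__main__":
    for key in (5, 19, 100):
        print(key, trace_of(bin_search, DATA, key), trace_of(oblivious_bin_search, DATA, key)[0])
```
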
